Have you tried the "Patterns" tab? That can show patterns in your results if you have enough events for Splunk to analyze. If you have a finite set of events then you may be able to group them using a case function and the stats command. ...
| eval warn = case(match(_raw, "ConfigurationLoader - Deprecated configuration detected in path .*?. Please update your settings to use the latest configuration options."), "ConfigurationLoader - Deprecated configuration detected in path. Please update your settings to use the latest configuration options",
    match(_raw, "QueryExecutor - Query execution time exceeded the threshold .*"), "QueryExecutor - Query execution time exceeded the threshold. Query:",
    match(_raw, "MemoryMonitor - High memory usage detected: .*? of allocated memory is in use. Consider increasing the available memory."), "MemoryMonitor - High memory usage detected: of allocated memory is in use. Consider increasing the available memory.",
    1==1, _raw)
| stats count by warn

Of course, this requires you to know which warnings are of interest and becomes impractical when there is a large number of them.
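An added example, not part of the original answer and not Splunk code: the same grouping done by masking variable fields instead of writing one case branch per warning, so it goes beyond the three listed warnings and also groups messages nobody wrote a branch for. It is Python over constructed log lines; the mask patterns and the field shapes (path, percentage, query text) are assumptions about the log format.

```python
import re
from collections import Counter

# Masks are applied in order; each swaps a variable field for a placeholder.
# Assumed field shapes: free text after "Query:", absolute paths, numbers/percentages.
MASKS = [
    (re.compile(r"(Query:).*"), r"\1 <query>"),       # query text runs to end of line
    (re.compile(r"(?<!\S)/\S*[^\s.]"), "<path>"),     # keep the sentence-ending period
    (re.compile(r"\b\d+(?:\.\d+)?%?"), "<n>"),        # 87%, 92.5%, plain integers
]


def template(line):
    """Collapse one raw event to its message template."""
    for pattern, repl in MASKS:
        line = pattern.sub(repl, line)
    return line


def count_by_template(lines):
    """Equivalent of '| stats count by warn' over the masked messages."""
    return Counter(template(line) for line in lines)


# Constructed sample events (not taken from any real system).
SAMPLE = [
    "ConfigurationLoader - Deprecated configuration detected in path /opt/app/conf/db.yml. "
    "Please update your settings to use the latest configuration options.",
    "ConfigurationLoader - Deprecated configuration detected in path /etc/app/cache.yml. "
    "Please update your settings to use the latest configuration options.",
    "QueryExecutor - Query execution time exceeded the threshold. "
    "Query: SELECT * FROM orders WHERE id = 42",
    "MemoryMonitor - High memory usage detected: 87% of allocated memory is in use. "
    "Consider increasing the available memory.",
    "MemoryMonitor - High memory usage detected: 92.5% of allocated memory is in use. "
    "Consider increasing the available memory.",
    # A warning with no hand-written branch still gets its own group.
    "SessionManager - Session cache rebuilt",
]

if __name__ == "__main__":
    for warn, count in count_by_template(SAMPLE).most_common():
        print(count, warn)
```

Masks that are too broad merge distinct warnings into one group, so review the resulting templates before alerting on their counts.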